85 matches found
COVID-Themed Lures Target SCADA Sectors With Data Stealing Malware
A new malware campaign has been found using coronavirus-themed lures to strike government and energy sectors in Azerbaijan with remote access trojans RAT capable of exfiltrating sensitive documents, keystrokes, passwords, and even images from the webcam. The targeted attacks employ Microsoft Word...
icsmaster
This repository, 'icsmaster', is an ICS/SCADA security resource collection. It contains various tools and scripts for identifying and exploiting vulnerabilities in industrial control systems. The repository includes a list of dorks search terms for finding vulnerable systems, as well as a...
Siemens TIA Administrator Authentication Vulnerability
Simatic WinCC TIA Portal is engineering software for configuring and programming Simatic panels, Simatic Industrial PCs and standard PC Winccruntime professional visualization software running WinCC Runtime Advanced or SCADA systems. An authentication vulnerability exists in Siemens TIA...
Modbus Slave PLC 7 Buffer Overflow
Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kagan Capar Discovery Date: 2018-10-27 Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage : https://www.modbustools.com Tested Version: 7 Tested on OS: Windows XP SP3 ENG other versio...
Modbus Slave PLC 7 - .msw Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kağan Çapar Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage : https://www.modbustools.com Tested Version: 7 Tested on OS:...
Modbus Slave PLC 7 - '.msw' Buffer Overflow (PoC)
Exploit Title: Modbus Slave PLC 7 - '.msw' Buffer Overflow PoC Author: Kağan Çapar Discovery Date: 2018-10-27 Software Link: https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe Vendor Homepage : https://www.modbustools.com Tested Version: 7 Tested on OS: Windows XP SP3 ENG other versio...
CirCarLife SCADA 4.3.0 - Credential Disclosure
CirCarLife SCADA 4.3.0 - Credential Disclosure Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0...
McAfee Night Dragon Report (Update A)
Overview McAfee has published a white paper titled “Global Energy Cyberattacks: Night Dragon,”McAfee, http://www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, accessed February 10, 2011. which describes advanced persistent threat activity designed to obtain...
Podcast: The Evolution of Deception Technology
Deception technology is an emerging category of cyber defense that is particularly useful when it comes to IoT devices, SCADA systems and medical devices. Threatpost talks to Tony Cole, CTO of Attivo Networks, about how deception technology has evolved, the challenges behind and opportunities of...
Multiple SQL Injection Vulnerabilities in Ecava IntegraXor
Ecava IntegraXor is a set of Web-based tools for creating and running HMI interfaces for SCADA systems. Ecava IntegraXor suffers from multiple SQL injection vulnerabilities that stem from a failure to properly validate a SQL query before using user input. An attacker could use this vulnerability ...
ICS-CERT Report Grim Reminder of State of Critical Infrastructure Security
U.S. critical infrastructure got another reminder this week that it needs to do more to protect itself from cyber attacks with the release of an annual government report. The NCCIC/ICS-CERT FY 2015 Annual Vulnerability Coordination Report points out that nagging issues continue to plague industri...
Siemens SINEMA Server Privilege Escalation Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-215-02 Siemens SINEMA Server Privilege Escalation Vulnerability that was published August 2, 2016, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 2 -------- Security researcher rgod working...
Attributing Advanced Attacks Remains Challenge For Researchers
Amid the connections being made between the Russian government and the attack on the Democratic National Committee DNC, researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s...
IoT Insecurity: Top Connected Device Security Concerns
It’s a coin toss whether or not that Internet of Things device you depend on is secure. Those unacceptable 50/50 odds come from a survey by IOActive where technology professionals were asked about the security of connected devices from thermostats, security cameras to alarm systems. Those numbers...
IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems
In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering FLARE team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE...
Iranians Indicted Over DDoS Campaign on Banks, Dam Hack
The U.S. government on Thursday indicted seven hackers affiliated with the Iranian government for attacks it called “a frightening new frontier in cybercrime.” Accusing the men of carrying out a series of distributed denial of service DDoS attacks against 46 financial companies, the Department of...
Meteocontrol WEB'log Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...
Power Grid Honeypot Puts Face on Attacks
TENERIFE, Spain –The rhetoric around hacking the power grid would have you believe it’s a relatively mundane practice. Policymakers, intelligence agencies and vendors, for example, spread the word gleefully, leaning on scenarios such as state-sponsored hackers shutting off the lights in the dead ...
Sandworm Team and the Ukrainian Power Authority Attacks
Update 1.11.16 - SANS ICS Team Connects Dots Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...
Sandworm Team and the Ukrainian Power Authority Attacks
Update 1.11.16 - SANS ICS Team Connects Dots Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...